﻿using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System.Linq;

namespace Ids4DemoApi1
{
    public static class AuthConfigurer
    {
        public static void Configure(IServiceCollection services, IConfiguration configuration)
        {
            if (bool.Parse(configuration["Authentication:Ids4Bearer:IsEnabled"]))
            {
                #region IdentityServer4--Client、Password、Implicit、Code、Hybrid
                services.AddAuthentication("Bearer")
                    .AddIdentityServerAuthentication(options =>
                    {
                        options.Authority = "http://localhost:5000";//ids4的地址
                        options.ApiName = "UserApi";
                        options.RequireHttpsMetadata = false;
                    });
                #endregion

                //自定义policy授权模式
                services.AddAuthorization(options =>
                {
                    options.AddPolicy("eMailPolicy",
                        policyBuilder => policyBuilder
                        .RequireAssertion(context =>
                        context.User.HasClaim(c => c.Type == "client_eMail")
                        && context.User.Claims.First(c => c.Type.Equals("client_eMail")).Value.EndsWith("@qq.com")));//Client
                });
            }
        }
    }
}
